OpenStack计算服务是基础设施即服务(IaaS)系统的主要组成部分。OpenStack计算服务使用Keystone来执行其身份验证,使用Horizon作为其管理接口,并使用Glance提供其镜像服务。
一、OpenStack 计算服务包含的组件
图1.1. OpenStack Nova组件
二、OpenStack计算节点基本环境配置
1.配置主机名和网络信息
1.1配置主机名
|
1
2
|
root@compute1:~
# vim /etc/hostname
compute1
|
1.2 配置IP地址
|
1
2
3
4
5
6
|
root@compute1:~
# vim /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.100.102
netmask 255.255.255.0
gateway 192.168.100.2
|
1.3 配置名称解析hosts
|
1
2
3
4
5
6
7
|
root@compute1:~
# vim /etc/hosts
# controller
192.168.100.100 controller
# network
192.168.100.101 network
# compute1
192.168.100.102 compute1
|
2.网络时间协议ntp
2.1 安装ntp服务器
|
1
|
root@compute1:~
# apt-get install ntp
|
2.2 配置/etc/ntp.conf 服务
|
1
|
server controller iburst
|
2.3重启ntp服务
|
1
|
root@compute1:~
# /etc/init.d/ntp restart
|
3.系统升级更新
3.1 更新openstack 仓库源
|
1
2
3
|
root@compute1:~
# apt-get install ubuntu-cloud-keyring
root@compute1:~
# vim /etc/apt/sources.list.d/cloudarchive-kilo.list
deb http:
//ubuntu-cloud
.archive.canonical.com
/ubuntu
trusty-updates
/kilo
main
|
3.2升级软件包,如果升级过程中包含内核的升级,需要重启服务器。
|
1
2
|
root@compute1:~
# apt-get update
root@compute1:~
# apt-get dist-upgrade
|
三、安装和配置控制节点
下面介绍如何在控制节点上面安装和配置计算服务,即Nova。下面所有的操作步骤在控制节点上面操作。在安装和配置计算服务之前,必须先创建数据库、服务证书和API。
1.1数据库配置
1)创建数据库
|
1
2
3
|
root@controller:~
# mysql -uroot –p
MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.01 sec)
|
2)给数据库授权
|
1
2
3
4
5
6
7
8
|
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO
'nova'
@
'localhost'
IDENTIFIED BY
'sfzhang1109'
;
Query OK, 0 rows affected (0.16 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO
'nova'
@
'%'
IDENTIFIED BY
'sfzhang1109'
;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.27 sec)
|
3)退出数据库客户端
|
1
2
|
MariaDB [(none)]>
exit
Bye
|
1.2 导入admin身份凭证以便执行管理命令
|
1
|
root@controller:~
# source admin-openrc.sh
|
1.3 创建服务证书
1)创建nova用户(密码:nova)
|
1
2
3
4
5
6
7
8
9
10
11
12
|
root@controller:~
# openstack user create--password-prompt nova
User Password:
Repeat User Password:
+----------+----------------------------------+
| Field |Value |
+----------+----------------------------------+
| email |None |
| enabled |True |
|
id
|44ccbfd3be744176b3650dc0eb24d5b8 |
| name |nova |
| username | nova |
+----------+----------------------------------+
|
2)添加nova用户到admin角色
|
1
2
3
4
5
6
7
|
root@controller:~
# openstack role add --project service --user nova admin
+-------+----------------------------------+
|Field | Value |
+-------+----------------------------------+
|
id
| 05616505a61c4aa78f43fba9e60ba7fc |
|name | admin |
+-------+----------------------------------+
|
3)创建nova服务实体
|
1
2
3
4
5
6
7
8
9
10
|
root@controller:~
# openstack service create --name nova --description "OpenStackCompute" compute
+-------------+----------------------------------+
|Field | Value |
+-------------+----------------------------------+
|description | OpenStack Compute |
|enabled | True |
|
id
|22b9948004934b169b0618c533e3a7e4 |
|name | nova |
|
type
| compute |
+-------------+----------------------------------+
|
1.4创建nova服务的API endpoint
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
root@controller:~
# openstack endpoint create \
--publicurlhttp:
//controller
:8774
/v2/
%\(tenant_id\)s \
--internalurl http:
//controller
:8774
/v2/
%\(tenant_id\)s\
--adminurlhttp:
//controller
:8774
/v2/
%\(tenant_id\)s \
--region RegionOne \
compute
+--------------+-----------------------------------------+
|Field | Value |
+--------------+-----------------------------------------+
|adminurl | |
|
id
|027bc91642794be6b1880e03b8dd5a92 |
|internalurl | |
|publicurl | |
|region | RegionOne |
|service_id |22b9948004934b169b0618c533e3a7e4 |
|service_name | nova |
|service_type | compute |
+--------------+-----------------------------------------+
|
四、安装和配置计算控制节点组件
下面所有的操作步骤在控制节点上面操作。
1.安装软件包
|
1
2
|
root@controller:~
# apt-get install nova-api nova-cert nova-conductor nova-consoleauth \
nova-novncproxy nova-scheduler python-novaclient
|
2.编辑nova配置文件/etc/nova/nova.conf
1)在[database]部分配置数据库访问
|
1
|
connection= mysql:
//nova
:sfzhang1109@controller
/nova
|
2)在[DEFAULT]和[oslo_messaging_rabbit]部分配置RabbitMQ消息队列访问
|
1
2
3
4
5
6
7
8
|
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 2015OS
##
|
这里的密码为rabbitmqctl add_user命令添加openstack用户的密码
3) 在[DEFAULT]和[keystone_authtoken]部分配置身份认证服务
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[DEFAULT]
...
auth_strategy= keystone
[keystone_authtoken]
...
auth_uri= http:
//controller
:5000
auth_url= http:
//controller
:35357
auth_plugin= password
project_domain_id= default
user_domain_id= default
project_name= service
username= nova
password= nova
|
4) 在[DEFAULT]部分配置控制节点网络IP地址
|
1
2
3
|
[DEFAULT]
...
my_ip= 192.168.100.100
|
5) 在[DEFAULT]部分配置 VNC代理以使用控制节点的网络地址
|
1
2
3
4
|
[DEFAULT]
...
vncserver_listen =192.168.100.100
vncserver_proxyclient_address =192.168.100.100
|
6) 在[glance]部分配置镜像服务的位置
|
1
2
3
|
[glance]
...
host = controller
|
7)在[oslo_concurrency]部分,配置lock路径
|
1
2
3
|
[oslo_concurrency]
…
lock_path=
/var/lib/nova/tmp
|
8)在[DEFAULT]段中开启详细日志配置,为后期的故障排除提供帮助
|
1
2
3
4
|
[DEFAULT]
...
log_dir=
/var/log/nova
verbose = True
|
3.初始化nova数据库
|
1
2
3
|
root@controller:~
# su -s /bin/sh -c "nova-manage dbsync" nova
2015-09-1814:09:42.462 5096 INFO migrate.versioning.api [-] 215 -> 216...
…
|
4.启动nova服务
|
1
2
3
4
5
6
|
root@controller:~
# service nova-api restart
root@controller:~
# service nova-cert restart
root@controller:~
# service nova-consoleauth restart
root@controller:~
# service nova-scheduler restart
root@controller:~
# service nova-conductor restart
root@controller:~
# service nova-novncproxy restart
|
5.默认会创建SQLite数据库,因为使用的是MYSQL数据库,因此要删除SQLite数据库文件
|
1
|
root@controller:~
# rm -f /var/lib/nova/nova.sqlite
|
四、安装和配置计算节点
这部分描述如何在一个计算节点上面安装和配置compute服务。这个服务支持一些hypervisors来部署实例或者虚拟机。
1.安装compute hypervisor组件
|
1
|
root@compute1:~
# apt-get install nova-compute sysfsutils
|
2.编辑/etc/nova/nova.conf配置文件
1)在[DEFAULT]和[oslo_messaging_rabbit]部分配置RabbitMQ消息队列访问
|
1
2
3
4
5
6
7
8
|
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 2015OS
##
|
这里的密码为rabbitmqctl add_user命令添加openstack用户的密码
2)在[DEFAULT]和[keystone_authtoken]部分配置身份认证服务
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
[DEFAULT]
...
auth_strategy= keystone
[keystone_authtoken]
...
auth_uri= http:
//controller
:5000
auth_url= http:
//controller
:35357
auth_plugin= password
project_domain_id= default
user_domain_id= default
project_name= service
username= nova
password= nova
|
3) 在[DEFAULT]部分配置控制节点网络IP地址
|
1
2
3
|
[DEFAULT]
...
my_ip= 192.168.100.100
|
4) 在[DEFAULT]部分启用和配置remote console 访问
|
1
2
3
4
5
6
|
[DEFAULT]
...
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 192.168.100.102
novncproxy_base_url = http:
//controller
:6080
/vnc_auto
.html
|
5) 在[glance]部分配置镜像服务的位置
|
1
2
3
|
[glance]
...
host = controller
|
6)在[oslo_concurrency]部分,配置lock路径
|
1
2
3
|
[oslo_concurrency]
…
lock_path=
/var/lib/nova/tmp
|
7)在[DEFAULT]段中开启详细日志配置,为后期的故障排除提供帮助
|
1
2
3
4
|
[DEFAULT]
...
log_dir=
/var/log/nova
verbose = True
|
五、完成安装
1.验证计算机是否支持虚拟机硬件加速
|
1
2
|
root@controller:~
# egrep -c '(vmx|svm)' /proc/cpuinfo
1
|
如果这个命令返回 1或更大的值,说明计算节点支持硬件加速,不需要进行额外的配置。
如果这个命令返回的是 0,说明计算节点不支持硬件加速,必须进行下面的设置。
|
1
2
3
4
5
|
设置libvirt使用QEMU 而不能使用KVM。
编辑文件
/etc/nova/nova-compute
.conf在[libvirt]
[libvirt]
...
virt_type = qemu
|
2.重启计算服务
|
1
|
root@compute1:~
# service nova-compute restart
|
3.默认会创建SQLite数据库,因为使用的是MYSQL数据库,因此要删除SQLite数据库文件
|
1
|
root@compute1:~
# rm -f /var/lib/nova/nova.sqlite
|
六、OpenStack 计算节点nova验证操作
注意:验证操作在控制节点上面进行。
1.执行admin身份凭证
|
1
|
root@controller:~
# source admin-openrc.sh
|
2.列出服务组件来验证每个进程的成功创建和注册
下面显示四个服务在控制节点启用,一个服务在计算节点
|
1
2
3
4
5
6
7
8
9
10
|
root@controller:~
# nova service-list
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
|1 | nova-cert | controller | internal | enabled | up | 2015-09-24T06:46:42.000000 | - |
|2 | nova-consoleauth | controller |internal | enabled | up |2015-09-24T06:46:35.000000 | - |
|3 | nova-scheduler | controller | internal | enabled | up | 2015-09-24T06:46:35.000000 | - |
|4 | nova-conductor | controller | internal | enabled | up | 2015-09-24T06:46:35.000000 | - |
|5 | nova-compute | compute1 | nova | enabled | up |2015-09-24T06:46:40.000000 | - |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
|
3.列出API endpoints 在 Identity service核实身份验证连接服务
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
root@controller:~
#nova endpoints
+-----------+----------------------------------+
|keystone | Value |
+-----------+----------------------------------+
|
id
|2129b615198b4bcc8067b750a4edabb6 |
|interface | public |
|region | RegionOne |
|region_id | RegionOne |
|url |http:
//controller
:5000
/v2
.0 |
+-----------+----------------------------------+
+-----------+----------------------------------+
|keystone | Value |
+-----------+----------------------------------+
|
id
|426dd482fcb14c2bb4f65edeb9e23b77 |
|interface | internal |
|region | RegionOne |
|region_id | RegionOne |
|url |http:
//controller
:5000
/v2
.0 |
+-----------+----------------------------------+
+-----------+----------------------------------+
|keystone | Value |
+-----------+----------------------------------+
|
id
| 8b0de58ca9994bb8a4f576443ec92f9b |
|interface | admin |
|region | RegionOne |
|region_id | RegionOne |
|url |http:
//controller
:35357
/v2
.0 |
+-----------+----------------------------------+
+-----------+------------------------------------------------------------+
|nova | Value |
+-----------+------------------------------------------------------------+
|
id
|5dd845c869994633a866cd8612cee27b |
|interface | admin |
|region | RegionOne |
|region_id | RegionOne |
|url |http:
//controller
:8774
/v2/d04d4985d62f42e2af2ddc35f442ffd9
|
+-----------+------------------------------------------------------------+
+-----------+------------------------------------------------------------+
|nova | Value |
+-----------+------------------------------------------------------------+
|
id
| adfbb3d19a504d3098757b6303818d8d |
|interface | public |
|region | RegionOne |
|region_id | RegionOne |
|url |http:
//controller
:8774
/v2/d04d4985d62f42e2af2ddc35f442ffd9
|
+-----------+------------------------------------------------------------+
+-----------+------------------------------------------------------------+
|nova | Value |
+-----------+------------------------------------------------------------+
|
id
|c05aa31990d948f0b44b5e6c5868c0cd |
|interface | internal |
|region | RegionOne |
|region_id | RegionOne |
|url | |
+-----------+------------------------------------------------------------+
+-----------+----------------------------------+
|glance | Value |
+-----------+----------------------------------+
|
id
|74a9ff79e8a8430b9ed467e10465a93d |
|interface | public |
|region | RegionOne |
|region_id | RegionOne |
|url | http:
//controller
:9292 |
+-----------+----------------------------------+
+-----------+----------------------------------+
|glance | Value |
+-----------+----------------------------------+
|
id
|c397966e81874832aaaef103ad7e2dff |
|interface | admin |
|region | RegionOne |
|region_id | RegionOne |
|url | http:
//controller
:9292 |
+-----------+----------------------------------+
+-----------+----------------------------------+
|glance | Value |
+-----------+----------------------------------+
|
id
| f63ad1c91cdb43ed9841b91b4aa543e1 |
|interface | internal |
|region | RegionOne |
|region_id | RegionOne |
|url | http:
//controller
:9292 |
+-----------+----------------------------------+
|
4.列出镜像在 Image service 目录验证连接 Image service
|
1
2
3
4
5
6
|
root@controller:~
#nova image-list
+--------------------------------------+---------------------+--------+--------+
|ID |Name | Status | Server |
+--------------------------------------+---------------------+--------+--------+
|df54ff49-b167-4fed-987a-0ade3cbc9aca | cirros-0.3.4-x86_64 | ACTIVE | |
+--------------------------------------+---------------------+--------+--------+
|
备注:
1)OpenStack官方文档:
http://docs.openstack.org/kilo/install-guide/install/apt/content/
2)控制节点nova.conf完整的配置文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
[DEFAULT]
dhcpbridge_flagfile=
/etc/nova/nova
.conf
dhcpbridge=
/usr/bin/nova-dhcpbridge
log_dir=
/var/log/nova
state_path=
/var/lib/nova
lock_path=
/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=
/etc/nova/api-paste
.ini
enabled_apis=ec2,osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.100
vncserver_listen = 192.168.100.100
vncserver_proxyclient_address = 192.168.100.100
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 2015OS
##
[database]
connection = mysql:
//nova
:sfzhang1109@controller
/nova
[keystone_authtoken]
auth_uri = http:
//controller
:5000
auth_url = http:
//controller
:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
[glance]
host = controller
[oslo_concurrency]
lock_path =
/var/lib/nova/tmp
|
3)计算节点nova.conf完整的配置文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
[DEFAULT]
dhcpbridge_flagfile=
/etc/nova/nova
.conf
dhcpbridge=
/usr/bin/nova-dhcpbridge
log_dir=
/var/log/nova
state_path=
/var/lib/nova
lock_path=
/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=
/etc/nova/api-paste
.ini
enabled_apis=ec2,osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.100
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 192.168.100.102
novncproxy_base_url =
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 2015OS
##
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http:
//controller
:5000
auth_url = http:
//controller
:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
[glance]
host = controller
[oslo_concurrency]
lock_path =
/var/lib/nova/tmp
|
本文转自 sfzhang 51CTO博客,原文链接:http://blog.51cto.com/sfzhang88/1697866,如需转载请自行联系原作者
